Difference between revisions of "Coping With Postfix Mail Server Attacks"

From Free Knowledge Base- The DUCK Project: information for everyone
(Created page with " === Too many "smtp -t unix -u" processes === 1005 ? S 0:00 smtp -t unix -u 1006 ? S 0:00 smtp -t unix -u 1007 ? S 0:00 smtp -t unix -...")
 
Line 37: Line 37:
  
 
Someone is attacking your email server.  The server is spawning too many smtp processes and is slow or nearly not responsive.
 
Someone is attacking your email server.  The server is spawning too many smtp processes and is slow or nearly not responsive.
 +
 +
Lets verify.  Check the mail queue.
 +
mailq
 +
 +
You might see lots of entries that look similar to this:
 +
 +
4790F2C0DD7    2898 Mon Apr  6 13:08:07  MAILER-DAEMON
 +
(connect to bny234.rayinsuranceclearly.ninja[94.228.216.234]:25: Connection timed out)
 +
                                        Angela.Sloan@bny234.rayinsuranceclearly.ninja
 +
 +
They might say "Connection timed out" or "Connection refused"
 +
 +
437AC2C07BB    9359 Tue Apr  7 18:05:33  MAILER-DAEMON
 +
          (connect to 1fxxn8s.eiroeir.eu[8.39.223.104]:25: Connection refused)
 +
                                        HawaiiVacationDeals@eiroeir.eu
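Review bot: the added text says "Lets verify" and then shows two mailq entries, but it never states what in those entries confirms the diagnosis. Both samples have MAILER-DAEMON as the sender and a failed connect to the recipient's host on port 25, so a sentence after the second sample should say that this is the pattern to look for. Also, "Lets" should be "Let's", the mailq command and the queue samples would read better as preformatted text, and the line 'They might say "Connection timed out" or "Connection refused"' needs closing punctuation.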

Revision as of 14:06, 8 April 2015


Too many "smtp -t unix -u" processes

1005 ?        S      0:00 smtp -t unix -u
1006 ?        S      0:00 smtp -t unix -u
1007 ?        S      0:00 smtp -t unix -u
1008 ?        S      0:00 smtp -t unix -u
1009 ?        S      0:00 smtp -t unix -u
1010 ?        S      0:00 smtp -t unix -u
1011 ?        S      0:00 smtp -t unix -u
1012 ?        S      0:00 smtp -t unix -u
1013 ?        S      0:00 smtp -t unix -u
1014 ?        S      0:00 smtp -t unix -u
1015 ?        S      0:00 smtp -t unix -u
1016 ?        S      0:00 smtp -t unix -u
1017 ?        S      0:00 smtp -t unix -u
1018 ?        S      0:00 smtp -t unix -u
1019 ?        S      0:00 smtp -t unix -u
1020 ?        S      0:00 smtp -t unix -u
1021 ?        S      0:00 smtp -t unix -u
1022 ?        S      0:00 bounce -z -n defer -t unix -u
1023 ?        S      0:00 smtp -t unix -u
1024 ?        S      0:00 smtp -t unix -u
1025 ?        S      0:00 smtp -t unix -u
1026 ?        S      0:00 smtp -t unix -u
1027 ?        S      0:00 smtp -t unix -u
1028 ?        S      0:00 smtp -t unix -u
1030 ?        S      0:00 smtp -t unix -u
1031 ?        S      0:00 smtp -t unix -u
1032 ?        S      0:00 smtp -t unix -u
1033 ?        S      0:00 smtp -t unix -u
1034 ?        S      0:00 smtp -t unix -u
1035 ?        S      0:00 smtp -t unix -u
1036 ?        S      0:00 smtp -t unix -u
1038 ?        S      0:00 dovecot/pop3-login

Someone is attacking your email server. The server is spawning too many smtp processes and is slow or nearly unresponsive.

Let's verify. Check the mail queue:

mailq

You might see lots of entries that look similar to this:

4790F2C0DD7     2898 Mon Apr  6 13:08:07  MAILER-DAEMON
(connect to bny234.rayinsuranceclearly.ninja[94.228.216.234]:25: Connection timed out)
                                        Angela.Sloan@bny234.rayinsuranceclearly.ninja

They might say "Connection timed out" or "Connection refused":

437AC2C07BB     9359 Tue Apr  7 18:05:33  MAILER-DAEMON
         (connect to 1fxxn8s.eiroeir.eu[8.39.223.104]:25: Connection refused)
                                        HawaiiVacationDeals@eiroeir.eu
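
To size the problem instead of eyeballing the queue, the following added example (not part of the original page) parses mailq output in the format shown above and counts queued MAILER-DAEMON entries by recipient domain and by connection failure. The third sample entry, its queue ID, and the example.com, example.net and 192.0.2.10 values are constructed placeholders.

```python
import re, sys
from collections import Counter

# Constructed sample: the page's two entries plus one ordinary deferred message.
SAMPLE_MAILQ = """\
4790F2C0DD7     2898 Mon Apr  6 13:08:07  MAILER-DAEMON
(connect to bny234.rayinsuranceclearly.ninja[94.228.216.234]:25: Connection timed out)
                                         Angela.Sloan@bny234.rayinsuranceclearly.ninja

437AC2C07BB     9359 Tue Apr  7 18:05:33  MAILER-DAEMON
         (connect to 1fxxn8s.eiroeir.eu[8.39.223.104]:25: Connection refused)
                                         HawaiiVacationDeals@eiroeir.eu

A1B2C3D4E5F     1204 Tue Apr  7 18:09:12  alice@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         bob@example.net
"""

# First line of an entry: queue ID (optional * or ! flag), size, arrival time, sender.
ENTRY = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+(\d+)\s+\w{3} \w{3}\s+\d+ [\d:]+\s+(\S+)$")
REASON = re.compile(r"^\s*\((.*)\)\s*$")  # deferral reason, printed in parentheses

def parse_mailq(text):
    """Turn mailq text into a list of dicts: id, size, sender, reason, rcpts."""
    entries, cur = [], None
    for line in text.splitlines():
        if m := ENTRY.match(line):
            cur = {"id": m[1], "size": int(m[2]), "sender": m[3], "reason": "", "rcpts": []}
            entries.append(cur)
        elif cur and (r := REASON.match(line)):
            cur["reason"] = r[1]
        elif cur and "@" in line:
            cur["rcpts"].append(line.strip())
    return entries

def summarize_bounces(entries):
    """Count queued bounces (sender MAILER-DAEMON) by recipient domain and failure."""
    by_domain, by_failure = Counter(), Counter()
    for e in entries:
        if e["sender"] != "MAILER-DAEMON":
            continue  # ordinary queued mail, not a bounce generated by this server
        by_failure[e["reason"].rsplit(": ", 1)[-1] or "unknown"] += 1
        for rcpt in e["rcpts"]:
            by_domain[rcpt.rsplit("@", 1)[-1].lower()] += 1
    return by_domain, by_failure

if __name__ == "__main__":
    text = SAMPLE_MAILQ if sys.stdin.isatty() else sys.stdin.read()
    print(*summarize_bounces(parse_mailq(text)), sep="\n")
```

Pipe real output into the script (`mailq | python3 script.py`, where the script name is your choice); run without a pipe, it uses the embedded sample.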